Freedesktop Poppler vulnerabilities
157 known vulnerabilities affecting freedesktop/poppler.
Total CVEs
157
CISA KEV
1
actively exploited
Public exploits
4
Exploited in wild
1
Severity breakdown
CRITICAL9HIGH52MEDIUM92LOW4
Vulnerabilities
Page 4 of 8
CVE-2019-9877P4HIGHCVSS 7.8≥ 0, < 0.41.0-0ubuntu1.13≥ 0, < 0.62.0-2ubuntu2.82019-03-21
CVE-2019-9877 [HIGH] CVE-2019-9877: There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
osv
CVE-2010-3704P4MEDIUMCVSS 6.8≥ 0, < 0.12.4-1.22010-11-05
CVE-2010-3704 [MEDIUM] CVE-2010-3704: The FoFiType1::parse function in fofi/FoFiType1
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input valid
osv
CVE-2009-1188P4MEDIUMCVSS 5.0≥ 0, < 0.10.6-12009-04-23
CVE-2009-1188 [MEDIUM] CVE-2009-1188: Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap
Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
osv
CVE-2009-3938P4MEDIUMCVSS 6.8≥ 0, < 0.12.2-2.12009-11-13
CVE-2009-3938 [MEDIUM] CVE-2009-3938: Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev
Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file.
osv
CVE-2010-3702P4HIGHCVSS 7.5≥ 0.8.7, ≤ 0.15.12010-11-05
CVE-2010-3702 [HIGH] CWE-476 CVE-2010-3702: The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
nvdosv
CVE-2017-9776P4HIGHCVSS 7.8≤ 0.55.02017-06-22
CVE-2017-9776 [HIGH] CWE-190 CVE-2017-9776: Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
nvdosv
CVE-2013-1788P4MEDIUMCVSS 6.8≤ 0.22.02013-04-09
CVE-2013-1788 [MEDIUM] CWE-119 CVE-2013-1788: poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and po
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.
nvdosv
CVE-2017-14617P4HIGHCVSS 7.8v0.59.02017-09-20
CVE-2017-14617 [HIGH] CWE-20 CVE-2017-14617: In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which ma
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
nvdosv
CVE-2009-1187P4MEDIUMCVSS 5.0≥ 0, < 0.10.6-12009-04-23
CVE-2009-1187 [MEDIUM] CVE-2009-1187: Integer overflow in the JBIG2 decoding feature in Poppler before 0
Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).
osv
CVE-2019-9589P4HIGHCVSS 7.8≥ 0, < 0.41.0-0ubuntu1.13≥ 0, < 0.62.0-2ubuntu2.82019-03-06
CVE-2019-9589 [HIGH] CVE-2019-9589: There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
osv
CVE-2018-13988P4MEDIUMCVSS 6.5≤ 0.62.02018-07-25
CVE-2018-13988 [MEDIUM] CWE-125 CVE-2018-13988: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
nvdosv
CVE-2019-9959P4MEDIUMCVSS 6.5≤ 0.78.02019-07-22
CVE-2019-9959 [MEDIUM] CWE-190 CVE-2019-9959: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stre
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
nvdosv
CVE-2007-0104P4MEDIUMCVSS 6.8≥ 0, < 0.4.5-5.12007-01-09
CVE-2007-0104 [MEDIUM] CVE-2007-0104: The Adobe PDF specification 1
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
osv
CVE-2009-3605P4MEDIUMCVSS 6.8≥ 0, < 0.12.2-12009-11-02
CVE-2009-3605 [MEDIUM] CVE-2009-3605: Multiple integer overflows in Poppler 0
Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) Spla
osv
CVE-2019-12493P4HIGHCVSS 7.1≥ 0, < 0.44.0-22019-05-31
CVE-2019-12493 [HIGH] CVE-2019-12493: A stack-based buffer over-read exists in PostScriptFunction::transform in Function
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.
osv
CVE-2025-52886P4MEDIUMCVSS 5.9fixed in 25.06.02025-07-02
CVE-2025-52886 [MEDIUM] CWE-416 CVE-2025-52886: Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference co
Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.
nvdosv
CVE-2013-1790P4MEDIUMCVSS 6.8≤ 0.22.02013-04-09
CVE-2013-1790 [MEDIUM] CWE-119 CVE-2013-1790: poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
nvdosv
CVE-2018-16646P4MEDIUMCVSS 6.5v0.68.02018-09-06
CVE-2018-16646 [MEDIUM] CWE-835 CVE-2018-16646: In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a cra
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
nvdosv
CVE-2010-4653P4MEDIUMCVSS 6.5fixed in 0.16.32019-11-13
CVE-2010-4653 [MEDIUM] CWE-190 CVE-2010-4653: An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
nvdosv
CVE-2005-3625P4CRITICALCVSS 10.0≥ 0, < 0.4.4-12005-12-31
CVE-2005-3625 [CRITICAL] CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
osv